Microsoft issued two critical bulletins on Tuesday fixing holes in its e-mail programs and the Visual Basic for Applications programming language implementation built into Office.
Bulletin MS10-030 resolves a vulnerability affecting Outlook Express, Windows Mail, and Windows Live Mail that an attacker could exploit by compromising a mail server, hosting a malicious mail server, or performing a man-in-the-middle attack to intercept communications between the client and the server.
Bulletin MS10-031 fixes a hole in Microsoft Visual Basic for Applications (VBA) that could allow an attacker to remotely run code if a host application opens and passes a malicious file to the VBA runtime environment. The update resolves the problem by changing the way VBA searches for ActiveX Controls are embedded in documents.